Allow admin to delete any user (except admins)
parent
6bbe2307e9
commit
562b0ceffe
|
@ -270,13 +270,18 @@ def delete(username):
|
||||||
if request.method == "GET":
|
if request.method == "GET":
|
||||||
return render_template("users/delete.html", user=user, can_delete=user.can_delete())
|
return render_template("users/delete.html", user=user, can_delete=user.can_delete())
|
||||||
|
|
||||||
if user.can_delete():
|
if "delete" in request.form and (user.can_delete() or current_user.rank.atLeast(UserRank.ADMIN)):
|
||||||
msg = "Deleted user {}".format(user.username)
|
msg = "Deleted user {}".format(user.username)
|
||||||
flash(msg, "success")
|
flash(msg, "success")
|
||||||
addAuditLog(AuditSeverity.MODERATION, current_user, msg, None)
|
addAuditLog(AuditSeverity.MODERATION, current_user, msg, None)
|
||||||
|
|
||||||
|
if current_user.rank.atLeast(UserRank.ADMIN):
|
||||||
|
for pkg in user.packages.all():
|
||||||
|
pkg.review_thread = None
|
||||||
|
db.session.delete(pkg)
|
||||||
|
|
||||||
db.session.delete(user)
|
db.session.delete(user)
|
||||||
else:
|
elif "deactivate" in request.form:
|
||||||
user.replies.delete()
|
user.replies.delete()
|
||||||
for thread in user.threads.all():
|
for thread in user.threads.all():
|
||||||
db.session.delete(thread)
|
db.session.delete(thread)
|
||||||
|
@ -286,6 +291,8 @@ def delete(username):
|
||||||
msg = "Deactivated user {}".format(user.username)
|
msg = "Deactivated user {}".format(user.username)
|
||||||
flash(msg, "success")
|
flash(msg, "success")
|
||||||
addAuditLog(AuditSeverity.MODERATION, current_user, msg, None)
|
addAuditLog(AuditSeverity.MODERATION, current_user, msg, None)
|
||||||
|
else:
|
||||||
|
assert False
|
||||||
|
|
||||||
db.session.commit()
|
db.session.commit()
|
||||||
|
|
||||||
|
|
|
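Review bot: The new `else: assert False` branch is the only thing that stops a POST carrying neither `delete` nor `deactivate` (or a non-admin `delete` on a user who fails `can_delete()`) from reaching `db.session.commit()`, and `assert` statements are stripped when Python runs with `-O`. Reject the request explicitly instead, for example `abort(400)` in that branch, assuming `abort` is imported in this module. Separately, the commit title says admins are exempt, but no check on the target user's rank is visible in these hunks; `delete()` starts above the first hunk, so confirm that guard runs on POST as well as GET. The audit message is still only `"Deleted user {}"` even when the admin branch also deletes every package, so consider recording the number of packages removed in `msg`.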
@ -115,7 +115,7 @@ class ForumTopic(db.Model):
|
||||||
topic_id = db.Column(db.Integer, primary_key=True, autoincrement=False)
|
topic_id = db.Column(db.Integer, primary_key=True, autoincrement=False)
|
||||||
|
|
||||||
author_id = db.Column(db.Integer, db.ForeignKey("user.id"), nullable=False)
|
author_id = db.Column(db.Integer, db.ForeignKey("user.id"), nullable=False)
|
||||||
author = db.relationship("User")
|
author = db.relationship("User", back_populates="forum_topics")
|
||||||
|
|
||||||
wip = db.Column(db.Boolean, server_default="0")
|
wip = db.Column(db.Boolean, server_default="0")
|
||||||
discarded = db.Column(db.Boolean, server_default="0")
|
discarded = db.Column(db.Boolean, server_default="0")
|
||||||
|
|
|
@ -174,6 +174,7 @@ class User(db.Model, UserMixin):
|
||||||
tokens = db.relationship("APIToken", back_populates="owner", lazy="dynamic", cascade="all, delete, delete-orphan")
|
tokens = db.relationship("APIToken", back_populates="owner", lazy="dynamic", cascade="all, delete, delete-orphan")
|
||||||
threads = db.relationship("Thread", back_populates="author", lazy="dynamic", cascade="all, delete, delete-orphan")
|
threads = db.relationship("Thread", back_populates="author", lazy="dynamic", cascade="all, delete, delete-orphan")
|
||||||
replies = db.relationship("ThreadReply", back_populates="author", lazy="dynamic", cascade="all, delete, delete-orphan")
|
replies = db.relationship("ThreadReply", back_populates="author", lazy="dynamic", cascade="all, delete, delete-orphan")
|
||||||
|
forum_topics = db.relationship("ForumTopic", back_populates="author", lazy="dynamic", cascade="all, delete, delete-orphan")
|
||||||
|
|
||||||
def __init__(self, username=None, active=False, email=None, password=None):
|
def __init__(self, username=None, active=False, email=None, password=None):
|
||||||
self.username = username
|
self.username = username
|
||||||
|
|
|
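Review bot: The new `forum_topics` relationship on `User` has no comment saying that its `cascade="all, delete, delete-orphan"` makes deleting a user also delete every `ForumTopic` row they authored. The cascade looks necessary because `author_id` is `nullable=False` in the `ForumTopic` hunk, but the effect is destructive and is not mentioned in the audit message written by `delete()`. I would add `# ForumTopic.author_id is NOT NULL, so a user's topics are deleted together with the user` above the new line. The `User` class body continues outside the hunk.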
@ -27,7 +27,16 @@
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
<a class="btn btn-secondary mr-3" href="{{ url_for('users.account', username=user.username) }}">Cancel</a>
|
<a class="btn btn-secondary mr-3" href="{{ url_for('users.account', username=user.username) }}">Cancel</a>
|
||||||
<input type="submit" value="{% if can_delete %}Delete{% else %}Deactivate{% endif %}" class="btn btn-danger" />
|
<input type="submit"
|
||||||
|
{% if can_delete %}
|
||||||
|
name="delete" value="Delete"
|
||||||
|
{% else %}
|
||||||
|
name="deactivate" value="Deactivate"
|
||||||
|
{% endif %}
|
||||||
|
class="btn btn-danger" />
|
||||||
|
{% if not can_delete and current_user.rank.atLeast(current_user.rank.ADMIN) %}
|
||||||
|
<input type="submit" name="delete" value="Delete Anyway" class="btn btn-danger ml-3" />
|
||||||
|
{% endif %}
|
||||||
</div>
|
</div>
|
||||||
</form>
|
</form>
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
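Review bot: The `Delete Anyway` button gives no indication of what it removes, and it sits directly beside `Deactivate` with the same `btn-danger` styling. It submits the same `delete` field as the normal button, which for an admin reaches the view branch that also deletes all of the user's packages. Add a sentence stating what will be removed, or a confirmation step, before this submit. The `{% if %}` around the button is presentation only; the view re-checks the rank on `delete`, which is the right place for enforcement. The `<form>` opening tag is outside the hunk, so confirm it carries the CSRF token now that this POST is more destructive.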